[ISN] Cyberwar’s Gray Market

http://www.slate.com/articles/technology/future_tense/2013/01/zero_day_exploits_should_the_hacker_gray_market_be_regulated.html By Ryan Gallagher Slate Jan. 14, 2013 Behind computer screens from France to Fort Worth, Texas, elite hackers hunt for security vulnerabilities worth thousands of dollars on a secretive unregulated marketplace. Using sophisticated techniques to detect weaknesses in widely used programs like Google Chrome, Java, and Flash, they spend hours crafting “zero-day exploits”—complex codes custom-made to target a software flaw that has not been publicly disclosed, so they can bypass anti-virus or firewall detection to help infiltrate a computer system. Like most technologies, the exploits have a dual use. They can be used as part of research efforts to help strengthen computers against intrusion. But they can also be weaponized and deployed aggressively for everything from government spying and corporate espionage to flat-out fraud. Now, as cyberwar escalates across the globe, there are fears that the burgeoning trade in finding and selling exploits is spiralling out of control—spurring calls for new laws to rein in the murky trade. Some legitimate companies operate in a legal gray zone within the zero-day market, selling exploits to governments and law enforcement agencies in countries across the world. Authorities can use them covertly in surveillance operations or as part of cybersecurity or espionage missions. But because sales are unregulated, there are concerns that some gray market companies are supplying to rogue foreign regimes that may use exploits as part of malicious targeted attacks against other countries or opponents. There is also an anarchic black market that exists on invite-only Web forums, where exploits are sold to a variety of actors—often for criminal purposes. […] ______________________________________________ Visit the InfoSec News Security Bookstore Best Selling Security Books and More! http://www.shopinfosecnews.org




Facebooktwittergoogle_plusredditpinterestlinkedinmail